[Dovecot] Dovecot under daemontools

newer
[Dovecot] My view on 1.0 release...

older
[Dovecot] userdb prefetch problem..

dale gallagher

10 Aug 2006 10 Aug '06

5:22 p.m.

Hi there

I'm having difficulties in getting dovecot to run under daemontools. Also, from a sysadmin perspective, so far, I find dovecot's config rather complex

I suppose that's what happens when one attempts to appease all authentication methods... anyway, I digress.

System details, to set the scene:

OS: Slackware Linux Linux Kernel: 2.4.29 GCC: 3.2.2 Dovecot version: 1.0.rc6 Dovecot configure options: ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-checkpassword --without-passwd --without-passwd-file --without-shadow --without-pam --without-bsdauth --without-gssapi --without-ldap --without-vpopmail --with-prefetch-userdb --without-sql --without-pgsql --without-mysql --with-ssl=openssl --without-pop3d --with-storages=maildir --without-deliver MTA: qmail Storage: Maildirs under a single virtual user (vmail) Checkpassword: /var/qmail/bin/qmail-vpoplogin (modified cdb checkpassword) User DB: /var/qmail/users/vpasswd.cdb

/etc/dovecot.conf

base_dir = /var/run/dovecot protocols = imap listen = 127.0.0.1 ssl_disable = yes shutdown_clients = yes log_path = /var/log/dovecot login_dir = /var/run/dovecot/login maildir_copy_with_hardlinks = yes protocol imap { # only require access from webmail on same host listen = 127.0.0.1:143 } auth default { passdb checkpassword { args = /var/qmail/bin/qmail-vpoplogin } userdb prefetch { } # user who can access user/passwd db user = auth }

Firstly, I cannot run dovecot as an unprivileged user, as the OS moans that the user doesn't have permission to write to /dev/stderr. I've had a similar issue running Clamav, but a patch to Clamav resolved this? This seems to be related to referencing /dev/stderr directly. Any ideas?

Should I be running dovecot as the virtual mailbox user vmail?

Before I ramble on about what I've tried, could someone explain to me what dovecot actually does, in terms of privilege separation? The online docs are somewhat convoluted. This would help shed light on the solution.

I also noticed the posts re daemontools some time ago, yet they do not include any setup solutions etc - I'd appreciate details from those of you who've succeeded in this regard.

Thanks Dale

Attachments:

attachment.html (text/html — 2.4 KB)

Show replies by date

Odhiambo WASHINGTON

10 Aug 10 Aug

5:40 p.m.

* On 10/08/06 16:22 +0200, dale gallagher wrote: | Hi there Hi Dale! | I'm having difficulties in getting dovecot to run under daemontools. http://www.thedjbway.org/imap/dovecot.html | Also, from a sysadmin perspective, so far, I find dovecot's config | rather complex | - I suppose that's what happens when one attempts to appease all | authentication methods... anyway, I digress. There are two plausible solutions to this complexity problem: 1. Use a Windows Server with some click next-> next 2. Quit being Sysadmin ;) Sorry, one more .... courier-imap is easier to configure, no? Kidding time ;) -Wash http://www.netmeister.org/news/learn2quote.html DISCLAIMER: See http://www.wananchi.com/bms/terms.php -- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ Going to church does not make a person religious, nor does going to school make a person educated, any more than going to a garage makes a person a car.

Rick Romero

6:05 p.m.

On Thu, 2006-08-10 at 17:40 +0300, Odhiambo WASHINGTON wrote:

...

* On 10/08/06 16:22 +0200, dale gallagher wrote: | Hi there

Hi Dale!

| I'm having difficulties in getting dovecot to run under daemontools.

http://www.thedjbway.org/imap/dovecot.html

| Also, from a sysadmin perspective, so far, I find dovecot's config | rather complex | - I suppose that's what happens when one attempts to appease all | authentication methods... anyway, I digress.

There are two plausible solutions to this complexity problem:

1. Use a Windows Server with some click next-> next 2. Quit being Sysadmin

;)

I'm sure you're just kidding, but I kinda have to agree here. There are some improvements that could be made in the system. 1. The whole *BSD poll/kqueue issue. From what configure says, kqueue shouldn't ever show up. 2. POP? It gets compiled in automatically, yet doesn't start. Doesn't bother me, as I'm just using IMAP, but it doesn't seem logical. If POP doesn't start by default, I wouldn't think it would be compiled in by default. 3. Config file. It flows well, but it's freaking huge. 3a Quotas. Where are you told that to enable imap quotas, you need to say: mail_plugins = quota imap_quota Maybe I missed it, but I modified horde to manually get the quotas because I couldn't find or figure out how enable it in dovecot. 4. Config file gets overwritten on make install. Good thing I grew up with Leisure Suit Larry ;)

...

Sorry, one more .... courier-imap is easier to configure, no?

Yes on FreeBSD, you have IMAP/POP and SSL config files. My suggestion would be to limit the compiled in defaults, or default to nothing and require the user to select what they need and dynamically add those sections to the example config file for each compiled in module. IMAP/POP, auth, and whatever else. And maybe be a little more descriptive on quotas (though I understand this is a new feature - at least for Maildir). Rick

...

Kidding time ;)

-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

-- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+

Going to church does not make a person religious, nor does going to school make a person educated, any more than going to a garage makes a person a car.

Jakob Hirsch

6:33 p.m.

Quoting Rick Romero:

...

Config file gets overwritten on make install. Good thing I grew up

Huh? The only config file make install writes is dovecot-example.conf, which is a good thing, because you can easily diff it against your own config. If you use the example as your live config, you are lost of course. :)

John Peacock

6:35 p.m.

Rick Romero wrote:

...

Config file gets overwritten on make install.

No it doesn't. *dovecot-example.conf* gets overwritten on each install; very different thing. It is worthwhile to make a copy of the prior dovecot-example.conf so you can make a diff and see what has changed (this is very useful during the rc period).

John

-- John Peacock Director of Information Research and Technology Rowman & Littlefield Publishing Group 4501 Forbes Boulevard Suite H Lanham, MD 20706 301-459-3366 x.5010 fax 301-429-5748

Rick Romero

6:51 p.m.

On Thu, 2006-08-10 at 11:35 -0400, John Peacock wrote:

...

Rick Romero wrote:

...

Config file gets overwritten on make install.

No it doesn't. *dovecot-example.conf* gets overwritten on each install; very different thing. It is worthwhile to make a copy of the prior dovecot-example.conf so you can make a diff and see what has changed (this is very useful during the rc period).

John

Then I stand corrected.

Maybe I moved dovecot.conf to dovecot.conf.bak the first time instead of copied, which caused my upgraded dovecot to not fire up without copying the backed-up config file back..

Timo Sirainen

7:03 p.m.

On Thu, 2006-08-10 at 10:05 -0500, Rick Romero wrote:

...

I'm sure you're just kidding, but I kinda have to agree here. There are some improvements that could be made in the system.

The whole *BSD poll/kqueue issue. From what configure says, kqueue shouldn't ever show up.

I'm not sure what you mean by this.

...

POP? It gets compiled in automatically, yet doesn't start. Doesn't bother me, as I'm just using IMAP, but it doesn't seem logical. If POP doesn't start by default, I wouldn't think it would be compiled in by default.

Well, I think compiling and using by default are different things. Compiling everything by default doesn't really hurt anything, but using all of them by default does.

I can't really think of how this could be improved. I think no matter what change I do people will start complaining.

...

Config file. It flows well, but it's freaking huge.

Yea. For v2.0 I'm planning on splitting it up. I already once did such a split and asked people's suggestions about that (IIRC).

...

3a Quotas. Where are you told that to enable imap quotas, you need to say: mail_plugins = quota imap_quota Maybe I missed it, but I modified horde to manually get the quotas because I couldn't find or figure out how enable it in dovecot.

I'm hoping to get http://wiki.dovecot.org/NewIndex into a usable state some day and it should hopefully be easy enough to install Dovecot into a fully usable state. :)

Anyway there already is wiki -> Quota page.

...

...
Sorry, one more .... courier-imap is easier to configure, no?

Yes on FreeBSD, you have IMAP/POP and SSL config files.

I think SSL certificates are generated by most Dovecot binary packages, so this is a FreeBSD port-issue I think..

Rick Romero

7:23 p.m.

On Thu, 2006-08-10 at 19:03 +0300, Timo Sirainen wrote:

...

On Thu, 2006-08-10 at 10:05 -0500, Rick Romero wrote:

...
I'm sure you're just kidding, but I kinda have to agree here. There are some improvements that could be made in the system.

The whole *BSD poll/kqueue issue. From what configure says, kqueue shouldn't ever show up.

I'm not sure what you mean by this.

Just to restate myself - I'm really loving dovecot, it just flies :)

Well the way I read configure --help is this:

--with-ioloop=IOLOOP Specify the I/O loop method to use (epoll, kqueue, poll; best for the fastest available; default is poll) --with-notify=IOLOOP Specify the file system notification method to use (dnotify, inotify, kqueue, none; default dnotify if compilable, otherwise none)

If I don't specify anything, I should get 'poll' and 'dnotify' - if FreeBSD supports it - or 'none', respectively.
On my FreeBSD box, I get kqueue and kqueue.

I don't know or understand what the differences are - but it seems to me if configure followed what was documented, there wouldn't be these kqueue issues on BSD. Changing configure to work as documented, would essentially fix that issue.

...

...

POP? It gets compiled in automatically, yet doesn't start. Doesn't bother me, as I'm just using IMAP, but it doesn't seem logical. If POP doesn't start by default, I wouldn't think it would be compiled in by default.

Well, I think compiling and using by default are different things. Compiling everything by default doesn't really hurt anything, but using all of them by default does.

The only reason I suggested selective compiling is to help with the config file. It has so much to it, if you were able to reduce the 'unnecessary' bits based on the configure line, it wouldn't be so overwhelming. Look at the last post where the user had about 12 'real' lines to his config file. My modified one (comments and extra stuff left in there) is 1000 lines. I bet for a 'vpopmail/maildir' setup, it could be under 100 and still be descriptive.

...

I can't really think of how this could be improved. I think no matter what change I do people will start complaining.

I agree :)

...

...

Config file. It flows well, but it's freaking huge.

Yea. For v2.0 I'm planning on splitting it up. I already once did such a split and asked people's suggestions about that (IIRC).

I think anyone who already has it setup shouldn't care too much, it would only affect people who haven't had to figure it out yet.

...

...
3a Quotas. Where are you told that to enable imap quotas, you need to say: mail_plugins = quota imap_quota Maybe I missed it, but I modified horde to manually get the quotas because I couldn't find or figure out how enable it in dovecot.

I'm hoping to get http://wiki.dovecot.org/NewIndex into a usable state some day and it should hopefully be easy enough to install Dovecot into a fully usable state. :)

Anyway there already is wiki -> Quota page.

Ahh I see now. I think I skipped 'Quota' and just read Quota/Maildir assuming that would be more 'accurate' instead of just 'specific'.

...

...
...
Sorry, one more .... courier-imap is easier to configure, no?

Yes on FreeBSD, you have IMAP/POP and SSL config files.

I think SSL certificates are generated by most Dovecot binary packages, so this is a FreeBSD port-issue I think..

Actually, I compiled from source. I was inferring that courier was easier to configure because the config files were split up. :)

Rick

Geert Hendrickx

7:49 p.m.

On Thu, Aug 10, 2006 at 11:23:05AM -0500, Rick Romero wrote:

...

Well the way I read configure --help is this:

--with-ioloop=IOLOOP Specify the I/O loop method to use (epoll, kqueue, poll; best for the fastest available; default is poll) --with-notify=IOLOOP Specify the file system notification method to use (dnotify, inotify, kqueue, none; default dnotify if compilable, otherwise none)

If I don't specify anything, I should get 'poll' and 'dnotify' - if FreeBSD supports it - or 'none', respectively.
On my FreeBSD box, I get kqueue and kqueue.

That's FreeBSD ports' behaviour. Just look at the port's Makefile:

.if !defined(WITHOUT_KQUEUE) CONFIGURE_ARGS+= --with-ioloop=kqueue --with-notify=kqueue .endif

Hence, set WITHOUT_KQUEUE if you don't want it.

Geert

Rick Romero

7:53 p.m.

On Thu, 2006-08-10 at 18:49 +0200, Geert Hendrickx wrote:

...

On Thu, Aug 10, 2006 at 11:23:05AM -0500, Rick Romero wrote:

...
Well the way I read configure --help is this:

--with-ioloop=IOLOOP Specify the I/O loop method to use (epoll, kqueue, poll; best for the fastest available; default is poll) --with-notify=IOLOOP Specify the file system notification method to use (dnotify, inotify, kqueue, none; default dnotify if compilable, otherwise none)

If I don't specify anything, I should get 'poll' and 'dnotify' - if FreeBSD supports it - or 'none', respectively.
On my FreeBSD box, I get kqueue and kqueue.

That's FreeBSD ports' behaviour. Just look at the port's Makefile:

.if !defined(WITHOUT_KQUEUE) CONFIGURE_ARGS+= --with-ioloop=kqueue --with-notify=kqueue .endif

Hence, set WITHOUT_KQUEUE if you don't want it.

That's definitely a solution, except I compiled from source on my own, I didn't use the port.

Otherwise I'd would let the port maintainer know that kqueue seems to be an issue and it probably should be changed..

Is that you? :)

...

Geert

Geert Hendrickx

8:24 p.m.

On Thu, Aug 10, 2006 at 11:53:07AM -0500, Rick Romero wrote:

...

On Thu, 2006-08-10 at 18:49 +0200, Geert Hendrickx wrote:

...
That's FreeBSD ports' behaviour. Just look at the port's Makefile:

.if !defined(WITHOUT_KQUEUE) CONFIGURE_ARGS+= --with-ioloop=kqueue --with-notify=kqueue .endif

Hence, set WITHOUT_KQUEUE if you don't want it.

That's definitely a solution, except I compiled from source on my own, I didn't use the port.

Otherwise I'd would let the port maintainer know that kqueue seems to be an issue and it probably should be changed..

Maybe that's why he made it an option? --with-ioloop=poll gave me problems as well.

...

Is that you? :)

No, I'm the maintainer of the Dovecot package in NetBSD's pkgsrc. :-) Maybe I should consider making it an option there, too.

Geert

Timo Sirainen

8:33 p.m.

On Thu, 2006-08-10 at 11:23 -0500, Rick Romero wrote:

...

...
...

The whole *BSD poll/kqueue issue. From what configure says, kqueue shouldn't ever show up.

I'm not sure what you mean by this.

Just to restate myself - I'm really loving dovecot, it just flies :)

Well the way I read configure --help is this:

--with-ioloop=IOLOOP Specify the I/O loop method to use (epoll, kqueue, poll; best for the fastest available; default is poll) --with-notify=IOLOOP Specify the file system notification method to use (dnotify, inotify, kqueue, none; default dnotify if compilable, otherwise none)

If I don't specify anything, I should get 'poll' and 'dnotify' - if FreeBSD supports it - or 'none', respectively.
On my FreeBSD box, I get kqueue and kqueue.

If you didn't use the port, then it really should have used poll. In 1.0rc1 version it could have used kqueue, but I don't see why it would happen with newer rcs.

Notify's description is wrong though. It uses inotify -> kqueue -> dnotify -> none ordering by default.

...

...
...

POP? It gets compiled in automatically, yet doesn't start. Doesn't bother me, as I'm just using IMAP, but it doesn't seem logical. If POP doesn't start by default, I wouldn't think it would be compiled in by default.

Well, I think compiling and using by default are different things. Compiling everything by default doesn't really hurt anything, but using all of them by default does.

The only reason I suggested selective compiling is to help with the config file. It has so much to it, if you were able to reduce the 'unnecessary' bits based on the configure line, it wouldn't be so overwhelming. Look at the last post where the user had about 12 'real' lines to his config file. My modified one (comments and extra stuff left in there) is 1000 lines. I bet for a 'vpopmail/maildir' setup, it could be under 100 and still be descriptive.

I think most of the parts that can be compiled off don't take all that much space in the config file. Here's the config file split that I was thinking about, probably missing some of the latest changes:

http://dovecot.org/tmp/newconf/

The dovecot-example.conf should also contain some include-directives for the other files.

Rick Romero

8:44 p.m.

On Thu, 2006-08-10 at 20:33 +0300, Timo Sirainen wrote:

...

On Thu, 2006-08-10 at 11:23 -0500, Rick Romero wrote:

...
...
...

The whole *BSD poll/kqueue issue. From what configure says, kqueue shouldn't ever show up.

I'm not sure what you mean by this.

Just to restate myself - I'm really loving dovecot, it just flies :)

Well the way I read configure --help is this:

--with-ioloop=IOLOOP Specify the I/O loop method to use (epoll, kqueue, poll; best for the fastest available; default is poll) --with-notify=IOLOOP Specify the file system notification method to use (dnotify, inotify, kqueue, none; default dnotify if compilable, otherwise none)

If I don't specify anything, I should get 'poll' and 'dnotify' - if FreeBSD supports it - or 'none', respectively.
On my FreeBSD box, I get kqueue and kqueue.

If you didn't use the port, then it really should have used poll. In 1.0rc1 version it could have used kqueue, but I don't see why it would happen with newer rcs.

I'll retry with rc7 later.

Rick

Rick Romero

8:56 p.m.

On Thu, 2006-08-10 at 20:33 +0300, Timo Sirainen wrote:

...

On Thu, 2006-08-10 at 11:23 -0500, Rick Romero wrote:

...
...
...

POP? It gets compiled in automatically, yet doesn't start. Doesn't bother me, as I'm just using IMAP, but it doesn't seem logical. If POP doesn't start by default, I wouldn't think it would be compiled in by default.

Well, I think compiling and using by default are different things. Compiling everything by default doesn't really hurt anything, but using all of them by default does.

The only reason I suggested selective compiling is to help with the config file. It has so much to it, if you were able to reduce the 'unnecessary' bits based on the configure line, it wouldn't be so overwhelming. Look at the last post where the user had about 12 'real' lines to his config file. My modified one (comments and extra stuff left in there) is 1000 lines. I bet for a 'vpopmail/maildir' setup, it could be under 100 and still be descriptive.

I think most of the parts that can be compiled off don't take all that much space in the config file. Here's the config file split that I was thinking about, probably missing some of the latest changes:

http://dovecot.org/tmp/newconf/

The dovecot-example.conf should also contain some include-directives for the other files.

Oh, I don't know about anyone else, but I like that. Except for safety.conf (which I believe you need the login_user - maybe that's just me), it's pretty obvious what you really need to fill out to fire up dovecot and check it out.

I think the auth part is probably the worst section. It doesn't look so bad on a webpage, but in a terminal it's daunting.

Maybe if the options were tagged with 'REQUIRED' or something.
Or how about specifying 'select one passdb and one userdb' at the beginning of auth default { ?

I think just having passdb and userdb is initially confusing as well, but there's not much you can do about that, other that specifically saying what is required.

There's just so much data, and nothing really jumps out at you ;)

Rick

Timo Sirainen

10:56 p.m.

On Thu, 2006-08-10 at 12:56 -0500, Rick Romero wrote:

...

...
http://dovecot.org/tmp/newconf/

The dovecot-example.conf should also contain some include-directives for the other files.

I think the auth part is probably the worst section. It doesn't look so bad on a webpage, but in a terminal it's daunting.

Maybe if the options were tagged with 'REQUIRED' or something.

There aren't really any required options. :)

...

Or how about specifying 'select one passdb and one userdb' at the beginning of auth default { ?

Or maybe I could group the most commonly used passdb+userdb combinations into separate auth-xxx.conf files and include them in the main auth.conf. The includes would be commented out, so the files wouldn't have to be. Then there'd be:

auth-pam.conf: passdb pam, userdb passwd (and userdb static?) auth-passwd.conf: passdb passwd, userdb passwd auth-shadow.conf: passdb shadow, userdb passwd auth-bsdauth.conf: passdb bsdauth, userdb passwd auth-passwd-file.conf: passdb passwd-file, userdb passwd-file auth-sql.conf: passdb sql, userdb sql (and userdb prefetch?) auth-ldap.conf: passdb ldap, userdb ldap (and userdb prefetch?) auth-checkpassword.conf: passdb checkpassword, userdb prefetch auth-vpopmail.conf: passdb vpopmail, userdb vpopmail

And the main auth block would also mention something about it being possible to combine the passdbs and userdbs however wanted.

...

I think just having passdb and userdb is initially confusing as well, but there's not much you can do about that, other that specifically saying what is required.

The above grouping would probably also help with that.

I'd almost want to implement this before v1.0, but probably too late. :)

Roy Marples

8:48 p.m.

On Thursday 10 August 2006 17:03, Timo Sirainen wrote:

...

On Thu, 2006-08-10 at 10:05 -0500, Rick Romero wrote:

...

Config file. It flows well, but it's freaking huge.

Yea. For v2.0 I'm planning on splitting it up. I already once did such a split and asked people's suggestions about that (IIRC).

Maybe a good idea to install config's to /etc/dovecot instead of just /etc then - I'm planning to do this for Gentoo's dovecot ebuild as I've got an open bug for including sieve support and that needs an extra config file so it's down directory makes sense.

Thanks

-- Roy Marples uberlord@gentoo.org Gentoo/Linux Developer (baselayout, networking)

Odhiambo WASHINGTON

7:14 p.m.

* On 10/08/06 10:05 -0500, Rick Romero wrote: | On Thu, 2006-08-10 at 17:40 +0300, Odhiambo WASHINGTON wrote: | > * On 10/08/06 16:22 +0200, dale gallagher wrote: | > | Hi there | > | > Hi Dale! | > | > | I'm having difficulties in getting dovecot to run under daemontools. | > | > http://www.thedjbway.org/imap/dovecot.html | > | > | > | Also, from a sysadmin perspective, so far, I find dovecot's config | > | rather complex | > | - I suppose that's what happens when one attempts to appease all | > | authentication methods... anyway, I digress. | > | > There are two plausible solutions to this complexity problem: | > | > 1. Use a Windows Server with some click next-> next | > 2. Quit being Sysadmin | > | > ;) | | I'm sure you're just kidding, but I kinda have to agree here. There are | some improvements that could be made in the system. | | 1. The whole *BSD poll/kqueue issue. From what configure says, kqueue | shouldn't ever show up. It was problematic, so I simply disabled the compilation for KQUEUE using `make config` in /usr/ports/mail/dovecot (Yes, I use FreeBSD). | 2. POP? It gets compiled in automatically, yet doesn't start. That is not true, or perhaps you disabled it in dovecot.conf! It starts in mine. I have about 20 boxes running dovecot. | Doesn't bother me, as I'm just using IMAP, but it doesn't seem logical. Sure. What is the error though? | If POP doesn't start by default, I wouldn't think it would be compiled in by | default. I reserve my comment on that, since in my setups, I need both. I migrated from courier-imap to dovecot because I got convinced it's better. Timo is always here, and answers questions like the problem is his. Thanks Timo. | 3. Config file. It flows well, but it's freaking huge. Only when you get into the complicated details. In my case: ksm# egrep -v '^[[:space:]]*(#|$)' /usr/local/etc/dovecot.conf | wc -l 39 So, only 39 lines. | 3a Quotas. Where are you told that to enable imap quotas, you need to | say: mail_plugins = quota imap_quota | Maybe I missed it, but I modified horde to manually get the quotas | because I couldn't find or figure out how enable it in dovecot. I implement quota via the MTA. Pretty easy with Exim. You should think about using MTA to control quota if dovecot is complicated. Just an advise. | 4. Config file gets overwritten on make install. Good thing I grew up | with Leisure Suit Larry ;) You have lied! But again what is your platform and how do you upgrade? Perhaps the FreeBSD ports have made me so stupid. They never overwrite any config files... | > Sorry, one more .... courier-imap is easier to configure, no? | | Yes on FreeBSD, you have IMAP/POP and SSL config files. | | My suggestion would be to limit the compiled in defaults, or default to | nothing and require the user to select what they need and dynamically | add those sections to the example config file for each compiled in | module. IMAP/POP, auth, and whatever else. And maybe be a little | more descriptive on quotas (though I understand this is a new feature - | at least for Maildir). These are documented in the Wiki, no? You just have to spare time when you want to implement a feature, and understand how dovecot implements it. The architecture differs between these apps, you know, just as the authors differ. -Wash http://www.netmeister.org/news/learn2quote.html DISCLAIMER: See http://www.wananchi.com/bms/terms.php -- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ Time flies like an arrow, but fruit flies like a banana.

dale gallagher

6:38 p.m.

On 10/08/06, Odhiambo WASHINGTON odhiambo.raburu@wananchi.com wrote:

...

| Also, from a sysadmin perspective, so far, I find dovecot's config | rather complex | - I suppose that's what happens when one attempts to appease all | authentication methods... anyway, I digress.

There are two plausible solutions to this complexity problem:

Use a Windows Server with some click next-> next

Quit being Sysadmin

Jokes aside, I haven't touched MS for years, for good reason. I'm not into point-and-click, but really, computing should become simpler over time, not more complex and the simpler systems are inevitably better - http://en.wikipedia.org/wiki/Ockham%27s_razor

Currently using BincIMAP in production which is trivial to setup (I know, it was specifically designed to run in the qmail + checkpassword + daemontools environment) - however, it doesn't implement SORT.

All my services run under daemontools, so I have a fair amount of experience there.

John Peacock

5:41 p.m.

dale gallagher wrote:

...

Firstly, I cannot run dovecot as an unprivileged user, as the OS moans that the user doesn't have permission to write to /dev/stderr. I've had a similar issue running Clamav, but a patch to Clamav resolved this? This seems to be related to referencing /dev/stderr directly. Any ideas?

...snip...

...

log_path = /var/log/dovecot ...snip...

You aren't using the correct log_path; it should be:

log_path = /dev/stderr

which *can* be written to by an unprivileged user.

...

I also noticed the posts re daemontools some time ago, yet they do not include any setup solutions etc - I'd appreciate details from those of you who've succeeded in this regard.

Google is your friend:

http://www.thedjbway.org/imap/dovecot.html

I use the run file listed on that page without change and it works just fine.

John

-- John Peacock Director of Information Research and Technology Rowman & Littlefield Publishing Group 4501 Forbes Boulevard Suite H Lanham, MD 20706 301-459-3366 x.5010 fax 301-429-5748

dale gallagher

6:29 p.m.

Hi John

Thanks for responding. I've progressed somewhat - details follow.

On 10/08/06, John Peacock jpeacock@rowman.com wrote:

...

You aren't using the correct log_path; it should be:

log_path = /dev/stderr

I did have this option set, sorry - I pasted the previous config. The log process appears to be working since I changed a few other settings.

Google is your friend:

...

    http://www.thedjbway.org/imap/dovecot.html

This is the exact URL which I'd started from before I even started building Dovecot.

$ cat /service/dovecot-imapd/run #!/bin/sh exec 2>&1 echo "Starting dovecot IMAP service" exec envuidgid dovecot
/usr/sbin/dovecot
-F
-c /etc/dovecot.conf

$ cat /service/dovecot-imapd/log/run #!/bin/sh exec setuidgid log multilog t /var/log/dovecot-imapd

I'm now getting the following error in the logs - any idea? The error isn't terribly informative.

Fatal: sigaction(SIGRTMIN) failed: Invalid argument

---- My revised /etc/dovecot.conf is ----

base_dir = /var/run/dovecot/

protocols = imap protocol imap { listen = 127.0.0.1:143143 }

shutdown_clients = yes

log_path = /dev/stderr log_timestamp =

ssl_disable = yes

login_dir = /var/run/dovecot/login login_chroot = yes login_user = dovecot login_greeting = Dovecot ready.

maildir_copy_with_hardlinks = yes

auth default { mechanisms = plain passdb checkpassword { args = /var/qmail/bin/qmail-vauth } userdb prefetch { } user = auth }

---- Some more detail regarding permissions (if this is pertinent) ----

$ id dovecot uid=1016(dovecot) gid=211(dovecot) groups=211(dovecot)

$ id auth uid=1017(auth) gid=212(auth) groups=212(auth)

$ ls -la /var/qmail/users/ | grep vpasswd -rw-r----- 1 root auth 2814 Aug 3 11:03 vpasswd -rw-r----- 1 root auth 5621 Aug 3 11:04 vpasswd.cdb

$ ls -la /var/log | grep dove drwxr-x--- 2 log log 4096 Aug 10 14:51 dovecot-imapd

$ ls -la /var/qmail/bin | grep vauth -rws--s--x 1 root auth 10320 May 11 2005 qmail-vauth

John Peacock

6:42 p.m.

dale gallagher wrote:

...

I'm now getting the following error in the logs - any idea? The error isn't terribly informative.

Fatal: sigaction(SIGRTMIN) failed: Invalid argument

That would seem to suggest that you have a broken O/S. You may want to go with a more modern (i.e. 2.6.x kernel) installation.

John

-- John Peacock Director of Information Research and Technology Rowman & Littlefield Publishing Group 4501 Forbes Boulevard Suite H Lanham, MD 20706 301-459-3366 x.5010 fax 301-429-5748

dale gallagher

6:45 p.m.

On 10/08/06, John Peacock jpeacock@rowman.com wrote:

...

dale gallagher wrote:

...
I'm now getting the following error in the logs - any idea? The error isn't terribly informative.

Fatal: sigaction(SIGRTMIN) failed: Invalid argument

That would seem to suggest that you have a broken O/S. You may want to go with a more modern (i.e. 2.6.x kernel) installation.

The Dovecot docs specifically mention compatibility with Linux kernel 2.2and later. The host concerned is on a UML installation and 2.4 is currently more reliable for these VM's.

Timo Sirainen

6:53 p.m.

On Thu, 2006-08-10 at 17:29 +0200, dale gallagher wrote:

...

I'm now getting the following error in the logs - any idea? The error isn't terribly informative.

Fatal: sigaction(SIGRTMIN) failed: Invalid argument

configure --with-ioloop=none

I'll fix this anyway in next version to just silently not use dnotify.

dale gallagher

7:08 p.m.

Thanks Timo.

On 10/08/06, Timo Sirainen tss@iki.fi wrote:

...

On Thu, 2006-08-10 at 17:29 +0200, dale gallagher wrote:

...
I'm now getting the following error in the logs - any idea? The error isn't terribly informative.

Fatal: sigaction(SIGRTMIN) failed: Invalid argument

configure --with-ioloop=none

I'll fix this anyway in next version to just silently not use dnotify.

Is this only pertinent to 2.4 kernels? Can I not simply use:

./configure --with-notify=none

or will this result in the same error on 2.4?

dale gallagher

7:37 p.m.

...

On 10/08/06, Timo Sirainen wrote:

...
On Thu, 2006-08-10 at 17:29 +0200, dale gallagher wrote:

...
I'm now getting the following error in the logs - any idea? The error isn't terribly informative.

Fatal: sigaction(SIGRTMIN) failed: Invalid argument

configure --with-ioloop=none

I'll fix this anyway in next version to just silently not use dnotify.

I tried building with --with-ioloop=none alone, but that resulted in the same error, namely: Fatal: sigaction(SIGRTMIN) failed: Invalid argument

Then, I configured with both --with-ioloop=none and --with-notify=none and the original error has gone, but a new one has reared its head:

dovecot: Info: Dovecot v1.0.rc6 starting up dovecot: Error: Login process died too early - shutting down dovecot: Error: child 17320 (login) killed with signal 11 dovecot: Error: child 17319 (login) killed with signal 11

Where should I look for problems now? Could this be with my checkpassword binary?

dale gallagher

7:55 p.m.

On 10/08/06, dale gallagher wrote:

...

On 10/08/06, Timo Sirainen wrote:

...
...
On Thu, 2006-08-10 at 17:29 +0200, dale gallagher wrote:

...
I'm now getting the following error in the logs - any idea? The error isn't terribly informative.

Fatal: sigaction(SIGRTMIN) failed: Invalid argument

configure --with-ioloop=none

I'll fix this anyway in next version to just silently not use dnotify.

I tried building with --with-ioloop=none alone, but that resulted in the same error, namely: Fatal: sigaction(SIGRTMIN) failed: Invalid argument

Then, I configured with both --with-ioloop=none and --with-notify=none and the original error has gone, but a new one has reared its head:

dovecot: Info: Dovecot v1.0.rc6 starting up dovecot: Error: Login process died too early - shutting down dovecot: Error: child 17320 (login) killed with signal 11 dovecot: Error: child 17319 (login) killed with signal 11

Where should I look for problems now? Could this be with my checkpassword binary?

I've tried various settings for the dovecot (login) user, without any change in the above errors.

Attempt 1: HOME=/bin/true, SHELL=/bin/true Attempt 2: HOME=/var/log/dovecot/login, SHELL=/bin/sh

Am I barking up the wrong tree with trying to tweak the login user's env?

Any ideas?

dale gallagher

7:56 p.m.

Oops, I meant /var/run/dovecot/login

On 10/08/06, dale gallagher wrote:

...

Attempt 1: HOME=/bin/true, SHELL=/bin/true Attempt 2: HOME=/var/log/dovecot/login, SHELL=/bin/sh

Am I barking up the wrong tree with trying to tweak the login user's env?

Any ideas?

Timo Sirainen

8:35 p.m.

On Thu, 2006-08-10 at 18:37 +0200, dale gallagher wrote:

...

dovecot: Info: Dovecot v1.0.rc6 starting up dovecot: Error: Login process died too early - shutting down dovecot: Error: child 17320 (login) killed with signal 11 dovecot: Error: child 17319 (login) killed with signal 11

This is because I once again left something broken. ssl_disable=yes causes crashes. Fix here: http://dovecot.org/list/dovecot-cvs/2006-August/006209.html

Or wait for 1.0rc7 which I'll release in a few hours.

dale gallagher

8:45 p.m.

On 10/08/06, Timo Sirainen tss@iki.fi wrote:

...

On Thu, 2006-08-10 at 18:37 +0200, dale gallagher wrote:

...
dovecot: Info: Dovecot v1.0.rc6 starting up dovecot: Error: Login process died too early - shutting down dovecot: Error: child 17320 (login) killed with signal 11 dovecot: Error: child 17319 (login) killed with signal 11

This is because I once again left something broken. ssl_disable=yes causes crashes. Fix here: http://dovecot.org/list/dovecot-cvs/2006-August/006209.html

Or wait for 1.0rc7 which I'll release in a few hours.

I applied the patch and all's well now. Your prompt assistance is very appreciated. Thank you very much!

I will send feedback once I've finished testing.

Timo Sirainen

8:17 p.m.

On Thu, 2006-08-10 at 18:08 +0200, dale gallagher wrote:

...

Thanks Timo.

On 10/08/06, Timo Sirainen tss@iki.fi wrote: On Thu, 2006-08-10 at 17:29 +0200, dale gallagher wrote: > I'm now getting the following error in the logs - any idea? The error > isn't terribly informative. > > Fatal: sigaction(SIGRTMIN) failed: Invalid argument configure --with-ioloop=none I'll fix this anyway in next version to just silently not use dnotify.

Is this only pertinent to 2.4 kernels? Can I not simply use:

./configure --with-notify=none

Oh, I meant exactly that instead of ioloop.

6679

Age (days ago)

6679

Last active (days ago)

List overview

29 comments

9 participants

participants (9)

dale gallagher
Geert Hendrickx
Jakob Hirsch
John Peacock
Odhiambo WASHINGTON
Odhiambo WASHINGTON
Rick Romero
Roy Marples
Timo Sirainen